<!DOCTYPE html>
<html lang="zh-CN">





<head><meta name="generator" content="Hexo 3.9.0">
  <meta charset="UTF-8">
  <link rel="apple-touch-icon" sizes="76x76" href="/blog/img/apple-touch-icon.png">
  <link rel="icon" type="image/png" href="/blog/img/favicon.png">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, shrink-to-fit=no">
  <meta http-equiv="x-ua-compatible" content="ie=edge">
  
  <meta name="theme-color" content="#2f4154">
  <meta name="description" content="兴趣使然的个人博客">
  <meta name="author" content="Ilirus">
  <meta name="keywords" content>
  <title>SpringSecurity简单入门 - Ilirus</title>

  <link rel="stylesheet" href="https://cdn.staticfile.org/twitter-bootstrap/4.4.1/css/bootstrap.min.css">


  <link rel="stylesheet" href="https://cdn.staticfile.org/github-markdown-css/4.0.0/github-markdown.min.css">
  <link rel="stylesheet" href="/blog/lib/hint/hint.min.css">

  
    <link rel="stylesheet" href="https://cdn.staticfile.org/highlight.js/10.0.0/styles/atom-one-light.min.css">
  

  


<!-- 主题依赖的图标库，不要自行修改 -->
<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_yg9cfy8wd6.css">

<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_pjno9b9zyxs.css">

<link rel="stylesheet" href="/blog/css/main.css">

<!-- 自定义样式保持在最底部 -->


  <script src="/blog/js/utils.js"></script>
</head>


<body>
  <header style="height: 70vh;">
    <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
  <div class="container">
    <a class="navbar-brand"
       href="/blog/">&nbsp;<strong>Ilirus</strong>&nbsp;</a>

    <button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
            data-target="#navbarSupportedContent"
            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
      <div class="animated-icon"><span></span><span></span><span></span></div>
    </button>

    <!-- Collapsible content -->
    <div class="collapse navbar-collapse" id="navbarSupportedContent">
      <ul class="navbar-nav ml-auto text-center">
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/blog/">
                <i class="iconfont icon-home-fill"></i>
                首页
              </a>
            </li>
          
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/blog/archives/">
                <i class="iconfont icon-archive-fill"></i>
                归档
              </a>
            </li>
          
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/blog/categories/">
                <i class="iconfont icon-category-fill"></i>
                分类
              </a>
            </li>
          
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/blog/tags/">
                <i class="iconfont icon-tags-fill"></i>
                标签
              </a>
            </li>
          
        
          
          
          
          
            <li class="nav-item">
              <a class="nav-link" href="/blog/about/">
                <i class="iconfont icon-user-fill"></i>
                关于
              </a>
            </li>
          
        
        
          <li class="nav-item" id="search-btn">
            <a class="nav-link" data-toggle="modal" data-target="#modalSearch">&nbsp;&nbsp;<i
                class="iconfont icon-search"></i>&nbsp;&nbsp;</a>
          </li>
        
      </ul>
    </div>
  </div>
</nav>

    <div class="view intro-2" id="background" parallax=true
         style="background: url('/blog/img/default.png') no-repeat center center;
           background-size: cover;">
      <div class="full-bg-img">
        <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
          <div class="container text-center white-text fadeInUp">
            <span class="h2" id="subtitle">
              
            </span>

            
              
  <div class="mt-3 post-meta">
    <i class="iconfont icon-date-fill" aria-hidden="true"></i>
    <time datetime="2020-03-23 04:35">
      2020年3月23日 凌晨
    </time>
  </div>


<div class="mt-1">
  
    
    <span class="post-meta mr-2">
      <i class="iconfont icon-chart"></i>
      1k 字
    </span>
  

  
    
    <span class="post-meta mr-2">
      <i class="iconfont icon-clock-fill"></i>
      
      
      14
       分钟
    </span>
  

  
  
</div>

            
          </div>

          
        </div>
      </div>
    </div>
  </header>

  <main>
    
      

<div class="container-fluid">
  <div class="row">
    <div class="d-none d-lg-block col-lg-2"></div>
    <div class="col-lg-8 nopadding-md">
      <div class="container nopadding-md" id="board-ctn">
        <div class="py-5" id="board">
          <div class="post-content mx-auto" id="post">
            
            <article class="markdown-body">
              <h1 id="Spring-Security-是什么"><a href="#Spring-Security-是什么" class="headerlink" title="Spring Security 是什么"></a>Spring Security 是什么</h1><p><code>Spring Security</code>是一套<strong>认证授权</strong>框架，支持认证模式如HTTP BASIC 认证头 (基于 IETF RFC-based 标准)，HTTP Digest 认证头 ( IETF RFC-based 标准)，Form-based authentication (用于简单的用户界面)，OpenID 认证等，Spring Security使得当前系统可以快速集成这些验证机制亦或是实现自己的一套验证机制。</p>
<p><code>Spring Security</code>可以对所以进入系统的请求进行拦截，效验每个请求是否能访问对应的资源。</p>
<h1 id="Spring-Security-如何工作"><a href="#Spring-Security-如何工作" class="headerlink" title="Spring Security 如何工作"></a>Spring Security 如何工作</h1><p><code>Spring Security</code>对Web 资源的保护是靠<code>Filter</code>来实现的，当初始化<code>Spring Security</code>时，会创建一个名为<code>SpringSecurityFilterChain</code>的过滤器，类型为<code>org.springframework.security.web.FilterChainProxy</code>，它实现了<code>javax.servlet.Filter</code>，因此外部的请求都会经过这个过滤器。</p>
<p><code>SpringSecurityFilterChain</code>中包含的各个<code>Filter</code>都作为<code>Bean</code>被<code>Spring</code>所管理，他们是<code>Spring Security</code>的核心，各司其职，但这些<code>Filter</code>并不直接处理用户的认证，也不直接处理用户的授权，而出把这些工作交给<strong>认证管理器</strong>(AuthenticationManager)和<strong>决策管理器</strong>(AccessDecisionManager)进行处理。</p>
<h1 id="认证流程"><a href="#认证流程" class="headerlink" title="认证流程"></a>认证流程</h1><p><img src="https://s1.ax1x.com/2020/03/28/GFBovV.png" srcset="/blog/img/loading.gif" alt="SpringSecurity认证流程"></p>
<a id="more"></a>
<h1 id="引入依赖"><a href="#引入依赖" class="headerlink" title="引入依赖"></a>引入依赖</h1><p>在<code>pom.xml</code>中写入以下依赖<br><pre><code class="hljs xml"><span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
  <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.springframework.boot<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
  <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>spring-boot-starter-security<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
<span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span>
<span class="hljs-tag">&lt;<span class="hljs-name">dependency</span>&gt;</span>
  <span class="hljs-tag">&lt;<span class="hljs-name">groupId</span>&gt;</span>org.springframework.security<span class="hljs-tag">&lt;/<span class="hljs-name">groupId</span>&gt;</span>
  <span class="hljs-tag">&lt;<span class="hljs-name">artifactId</span>&gt;</span>spring-security-test<span class="hljs-tag">&lt;/<span class="hljs-name">artifactId</span>&gt;</span>
  <span class="hljs-tag">&lt;<span class="hljs-name">scope</span>&gt;</span>test<span class="hljs-tag">&lt;/<span class="hljs-name">scope</span>&gt;</span>
<span class="hljs-tag">&lt;/<span class="hljs-name">dependency</span>&gt;</span></code></pre></p>
<h1 id="编写配置"><a href="#编写配置" class="headerlink" title="编写配置"></a>编写配置</h1><pre><code class="hljs java"><span class="hljs-keyword">package</span> com.ilirus.oauth.config;

<span class="hljs-keyword">import</span> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
<span class="hljs-keyword">import</span> org.springframework.security.config.annotation.web.builders.HttpSecurity;
<span class="hljs-keyword">import</span> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
<span class="hljs-keyword">import</span> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
<span class="hljs-keyword">import</span> org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

<span class="hljs-meta">@Configuration</span>
<span class="hljs-meta">@EnableWebSecurity</span>
<span class="hljs-keyword">public</span> <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">SecurityConfig</span> <span class="hljs-keyword">extends</span> <span class="hljs-title">WebSecurityConfigurerAdapter</span> </span>&#123;
    <span class="hljs-meta">@Override</span>
    <span class="hljs-function"><span class="hljs-keyword">protected</span> <span class="hljs-keyword">void</span> <span class="hljs-title">configure</span><span class="hljs-params">(AuthenticationManagerBuilder auth)</span> <span class="hljs-keyword">throws</span> Exception </span>&#123;
        <span class="hljs-comment">// 在内存中创建用户</span>
        auth.inMemoryAuthentication()
            <span class="hljs-comment">// 使用BCryptPasswordEncoder 加密密码</span>
              .passwordEncoder(<span class="hljs-keyword">new</span> BCryptPasswordEncoder())
            <span class="hljs-comment">// 用户名为 user</span>
              .withUser(<span class="hljs-string">"user"</span>)
            <span class="hljs-comment">// 密码为 123</span>
              .password(<span class="hljs-keyword">new</span> BCryptPasswordEncoder().encode(<span class="hljs-string">"123"</span>))
            <span class="hljs-comment">//拥有 USER 权限</span>
              .roles(<span class="hljs-string">"USER"</span>);
    &#125;
    <span class="hljs-meta">@Override</span>
    <span class="hljs-function"><span class="hljs-keyword">protected</span> <span class="hljs-keyword">void</span> <span class="hljs-title">configure</span><span class="hljs-params">(HttpSecurity http)</span> <span class="hljs-keyword">throws</span> Exception </span>&#123;
        http.authorizeRequests()
            <span class="hljs-comment">// 匹配"/","/index","/error"</span>
            .antMatchers(<span class="hljs-string">"/"</span>,<span class="hljs-string">"/index"</span>,<span class="hljs-string">"/error"</span>)
            <span class="hljs-comment">// 不需要权限即可访问</span>
            .permitAll()
            <span class="hljs-comment">// 匹配"/user" 路径下的所有</span>
            .antMatchers(<span class="hljs-string">"/user/**"</span>)
            <span class="hljs-comment">// 拥有USER 权限才可访问</span>
            .hasRole(<span class="hljs-string">"USER"</span>)
            .antMatchers(<span class="hljs-string">"/admin/**"</span>)
            .hasRole(<span class="hljs-string">"ADMIN"</span>)
            .and()
            <span class="hljs-comment">// 允许使用表单登录</span>
            .formLogin()
            <span class="hljs-comment">// 自定义登录页面地址</span>
            .loginPage(<span class="hljs-string">"/login"</span>)
            <span class="hljs-comment">// 指定处理登录的url, 即登录表单的action对应的地址</span>
            .loginProcessingUrl(<span class="hljs-string">"/login/identify"</span>)
            <span class="hljs-comment">// 成功后默认跳转到"/user"</span>
            .defaultSuccessUrl(<span class="hljs-string">"/user"</span>)
            .and().logout()
            <span class="hljs-comment">// 自定义注销地址</span>
            .logoutUrl(<span class="hljs-string">"/logout"</span>)
            <span class="hljs-comment">// 注销后跳转到 "/login"</span>
            .logoutSuccessUrl(<span class="hljs-string">"/login"</span>)
            <span class="hljs-comment">// 注销时是否让HttpSession 无效化</span>
            .invalidateHttpSession(<span class="hljs-keyword">true</span>)
            .and()
            <span class="hljs-comment">// 禁用跨域请求验证</span>
            .csrf().disable();
    &#125;
&#125;</code></pre>
<p>如果不想关闭<code>CSRF</code>保护，则需要在自定义的登录表单中添加如下代码<br><pre><code class="hljs html"><span class="hljs-tag">&lt;<span class="hljs-name">input</span> <span class="hljs-attr">type</span>=<span class="hljs-string">"hidden"</span> <span class="hljs-attr">th:if</span>=<span class="hljs-string">"$&#123;_csrf != null&#125;"</span> <span class="hljs-attr">th:name</span>=<span class="hljs-string">"$&#123;_csrf.parameterName&#125;"</span> <span class="hljs-attr">th:value</span>=<span class="hljs-string">"$&#123;_csrf.token&#125;"</span> /&gt;</span></code></pre></p>
<p>至此，一个最简单的SpringSecurity 验证就引入到了demo 中</p>
<h2 id="使用UserDetailsManager创建用户"><a href="#使用UserDetailsManager创建用户" class="headerlink" title="使用UserDetailsManager创建用户:"></a>使用<code>UserDetailsManager</code>创建用户:</h2><pre><code class="hljs java"><span class="hljs-meta">@Bean</span>
<span class="hljs-function"><span class="hljs-keyword">public</span> UserDetailsService <span class="hljs-title">userDetailsService</span><span class="hljs-params">()</span> </span>&#123;
    InMemoryUserDetailsManager manager = <span class="hljs-keyword">new</span> InMemoryUserDetailsManager();
    manager.createUser(User
            .withUsername(<span class="hljs-string">"user"</span>)
            .password(<span class="hljs-string">"123"</span>)
            .roles(<span class="hljs-string">"USER"</span>)
            .build());

    <span class="hljs-keyword">return</span> manager;
&#125;
<span class="hljs-comment">// 密码编码器</span>
<span class="hljs-meta">@Bean</span>
<span class="hljs-function"><span class="hljs-keyword">public</span> PasswordEncoder <span class="hljs-title">passwordEncoder</span><span class="hljs-params">()</span> </span>&#123;
    <span class="hljs-comment">// NoOpPasswordEncoder: 不进行编码</span>
    <span class="hljs-keyword">return</span> NoOpPasswordEncoder.getInstance();
&#125;</code></pre>
<h1 id="连接数据库"><a href="#连接数据库" class="headerlink" title="连接数据库"></a>连接数据库</h1><p>修改之前的配置类<br><pre><code class="hljs java"><span class="hljs-meta">@Configuration</span>
<span class="hljs-meta">@EnableWebSecurity</span>
<span class="hljs-keyword">public</span> <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">SecurityConfig</span> <span class="hljs-keyword">extends</span> <span class="hljs-title">WebSecurityConfigurerAdapter</span> </span>&#123;
    <span class="hljs-meta">@Bean</span>
    <span class="hljs-function"><span class="hljs-keyword">public</span> PasswordEncoder <span class="hljs-title">passwordEncoder</span><span class="hljs-params">()</span> </span>&#123;
        <span class="hljs-comment">// 密码编码器</span>
        <span class="hljs-keyword">return</span> <span class="hljs-keyword">new</span> BCryptPasswordEncoder();
    &#125;

    <span class="hljs-meta">@Override</span>
    <span class="hljs-function"><span class="hljs-keyword">protected</span> <span class="hljs-keyword">void</span> <span class="hljs-title">configure</span><span class="hljs-params">(HttpSecurity http)</span> <span class="hljs-keyword">throws</span> Exception </span>&#123;
        http.authorizeRequests()
            .antMatchers(<span class="hljs-string">"/"</span>,<span class="hljs-string">"/index"</span>,<span class="hljs-string">"/error"</span>).permitAll()
            .antMatchers(<span class="hljs-string">"/user/**"</span>).hasRole(<span class="hljs-string">"USER"</span>)
            .and().formLogin();
    &#125;
&#125;</code></pre></p>
<p>自定义一个service，继承<code>UserDetailsService</code>类<br><pre><code class="hljs java"><span class="hljs-keyword">package</span> com.ilirus.oauth.service;

<span class="hljs-keyword">import</span> com.ilirus.oauth.dao.UserDao;
<span class="hljs-keyword">import</span> com.ilirus.oauth.entities.UserEntity;
<span class="hljs-keyword">import</span> org.springframework.security.core.userdetails.User;
<span class="hljs-keyword">import</span> lombok.extern.slf4j.Slf4j;
<span class="hljs-keyword">import</span> org.springframework.security.core.userdetails.UserDetails;
<span class="hljs-keyword">import</span> org.springframework.security.core.userdetails.UserDetailsService;
<span class="hljs-keyword">import</span> org.springframework.security.core.userdetails.UsernameNotFoundException;
<span class="hljs-keyword">import</span> org.springframework.stereotype.Service;

<span class="hljs-keyword">import</span> javax.annotation.Resource;

<span class="hljs-meta">@Service</span>
<span class="hljs-meta">@Slf</span>4j
<span class="hljs-keyword">public</span> <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">UserService</span> <span class="hljs-keyword">implements</span> <span class="hljs-title">UserDetailsService</span> </span>&#123;
    <span class="hljs-meta">@Resource</span>
    <span class="hljs-keyword">private</span> UserDao dao;

    <span class="hljs-meta">@Override</span>
    <span class="hljs-function"><span class="hljs-keyword">public</span> UserDetails <span class="hljs-title">loadUserByUsername</span><span class="hljs-params">(String username)</span> <span class="hljs-keyword">throws</span> UsernameNotFoundException </span>&#123;
        log.info(<span class="hljs-string">"Username: "</span>+username);
        <span class="hljs-comment">// 数据库查询</span>
        UserEntity user = dao.getUser(username);
        UserDetails userDetails = User.withUsername(user.getName())
                                      .password(user.getPassword())
                                      .roles(<span class="hljs-string">"USER"</span>).build();
        <span class="hljs-keyword">return</span> userDetails;
    &#125;
&#125;</code></pre></p>
<p><code>loadUserByUsername</code>方法中的参数即为登录表单中的用户名，在数据库中查询到对应用户的信息后，将其装入<code>UserDetails</code>中，然后返回给<code>DaoAuthenticationProvider</code>。</p>
<p><code>DaoAuthenticationProvider</code>会使用<code>PasswordEncoder</code>对用户提交的表单中的密码进行编码，然后将其与从<code>UserDetailService</code>中接收到的UserDetail 中的密码信息进行对比，以判断是否通过。</p>

            </article>
            <hr>
            <div>
              <div class="post-metas mb-3">
                
                  <div class="post-meta mr-3">
                    <i class="iconfont icon-category"></i>
                    
                      <a class="hover-with-bg" href="/blog/categories/SpringSecurity/">SpringSecurity</a>
                    
                  </div>
                
                
                  <div class="post-meta">
                    <i class="iconfont icon-tags"></i>
                    
                      <a class="hover-with-bg" href="/blog/tags/Java/">Java</a>
                    
                      <a class="hover-with-bg" href="/blog/tags/SpringSecurity/">SpringSecurity</a>
                    
                  </div>
                
              </div>
              
                <p class="note note-warning">本博客所有文章除特别声明外，均采用 <a href="https://zh.wikipedia.org/wiki/Wikipedia:CC_BY-SA_3.0%E5%8D%8F%E8%AE%AE%E6%96%87%E6%9C%AC" rel="nofollow noopener">CC BY-SA 3.0协议</a> 。转载请注明出处！</p>
              
              
                <div class="post-prevnext row">
                  <div class="post-prev col-6">
                    
                    
                      <a href="/blog/2020/03/29/笔记-SpringCloud学习09-OpenFeign服务调用/">
                        <i class="iconfont icon-arrowleft"></i>
                        <span class="hidden-mobile">[笔记]SpringCloud学习09: OpenFeign服务调用</span>
                        <span class="visible-mobile">上一篇</span>
                      </a>
                    
                  </div>
                  <div class="post-next col-6">
                    
                    
                      <a href="/blog/2020/03/21/笔记-SpringCloud学习08-Ribbon基础/">
                        <span class="hidden-mobile">[笔记]SpringCloud学习08: Ribbon基础</span>
                        <span class="visible-mobile">下一篇</span>
                        <i class="iconfont icon-arrowright"></i>
                      </a>
                    
                  </div>
                </div>
              
            </div>

            
              <!-- Comments -->
              <div class="comments" id="comments">
                
                
  <div id="lv-container" data-id="city" data-uid="MTAyMC80NTMxNi8yMTgyOQ==">
    <script type="text/javascript">
      function loadLivere() {
        addScript('https://cdn-city.livere.com/js/embed.dist.js');
      }
      createObserver(loadLivere, 'lv-container');
    </script>
    <noscript>为正常使用来必力评论功能请允许 JavaScript 运行</noscript>
  </div>


              </div>
            
          </div>
        </div>
      </div>
    </div>
    
      <div class="d-none d-lg-block col-lg-2 toc-container" id="toc-ctn">
        <div id="toc">
  <p class="toc-header"><i class="iconfont icon-list"></i>&nbsp;目录</p>
  <div id="tocbot"></div>
</div>

      </div>
    
  </div>
</div>

<!-- Custom -->


    
  </main>

  
    <a id="scroll-top-button" href="#" role="button">
      <i class="iconfont icon-arrowup" aria-hidden="true"></i>
    </a>
  

  
    <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
     aria-hidden="true">
  <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
    <div class="modal-content">
      <div class="modal-header text-center">
        <h4 class="modal-title w-100 font-weight-bold">搜索</h4>
        <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
          <span aria-hidden="true">&times;</span>
        </button>
      </div>
      <div class="modal-body mx-3">
        <div class="md-form mb-5">
          <input type="text" id="local-search-input" class="form-control validate">
          <label data-error="x" data-success="v"
                 for="local-search-input">关键词</label>
        </div>
        <div class="list-group" id="local-search-result"></div>
      </div>
    </div>
  </div>
</div>
  

  

  

  <footer class="mt-5">
  <div class="text-center py-3">
    <div>
      <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a>
      <i class="iconfont icon-love"></i>
      <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener">
        <span>Fluid</span></a>
    </div>
    

    

    
  </div>
</footer>

<!-- SCRIPTS -->
<script  src="https://cdn.staticfile.org/jquery/3.4.1/jquery.min.js" ></script>
<script  src="https://cdn.staticfile.org/twitter-bootstrap/4.4.1/js/bootstrap.min.js" ></script>
<script  src="/blog/js/debouncer.js" ></script>
<script  src="/blog/js/main.js" ></script>

<!-- Plugins -->


  
    <script  src="/blog/js/lazyload.js" ></script>
  



  <script defer src="https://cdn.staticfile.org/clipboard.js/2.0.6/clipboard.min.js" ></script>
  <script  src="/blog/js/clipboard-use.js" ></script>







  <script  src="https://cdn.staticfile.org/tocbot/4.11.1/tocbot.min.js" ></script>
  <script>
    $(document).ready(function () {
      var boardCtn = $('#board-ctn');
      var boardTop = boardCtn.offset().top;

      tocbot.init({
        tocSelector: '#tocbot',
        contentSelector: 'article.markdown-body',
        headingSelector: 'h1,h2,h3,h4,h5,h6',
        linkClass: 'tocbot-link',
        activeLinkClass: 'tocbot-active-link',
        listClass: 'tocbot-list',
        isCollapsedClass: 'tocbot-is-collapsed',
        collapsibleClass: 'tocbot-is-collapsible',
        collapseDepth: 0,
        scrollSmooth: true,
        headingsOffset: -boardTop
      });
      if ($('.toc-list-item').length > 0) {
        $('#toc').css('visibility', 'visible');
      }
    });
  </script>



  <script  src="https://cdn.staticfile.org/typed.js/2.0.11/typed.min.js" ></script>
  <script>
    var typed = new Typed('#subtitle', {
      strings: [
        '  ',
        "SpringSecurity简单入门&nbsp;",
      ],
      cursorChar: "_",
      typeSpeed: 70,
      loop: false,
    });
    typed.stop();
    $(document).ready(function () {
      $(".typed-cursor").addClass("h2");
      typed.start();
    });
  </script>



  <script  src="https://cdn.staticfile.org/anchor-js/4.2.2/anchor.min.js" ></script>
  <script>
    anchors.options = {
      placement: "right",
      visible: "hover",
      
    };
    var el = "h1,h2,h3,h4,h5,h6".split(",");
    var res = [];
    for (item of el) {
      res.push(".markdown-body > " + item)
    }
    anchors.add(res.join(", "))
  </script>



  <script  src="/blog/js/local-search.js" ></script>
  <script>
    var path = "/blog/local-search.xml";
    var inputArea = document.querySelector("#local-search-input");
    inputArea.onclick = function () {
      searchFunc(path, 'local-search-input', 'local-search-result');
      this.onclick = null
    }
  </script>



  <script  src="https://cdn.staticfile.org/fancybox/3.5.7/jquery.fancybox.min.js" ></script>
  <link  rel="stylesheet" href="https://cdn.staticfile.org/fancybox/3.5.7/jquery.fancybox.min.css" />

  <script>
    $('#post img:not(.no-zoom img, img[no-zoom]), img[zoom]').each(
      function () {
        var element = document.createElement('a');
        $(element).attr('data-fancybox', 'images');
        $(element).attr('href', $(this).attr('src'));
        $(this).wrap(element);
      }
    );
  </script>







  
  
    <script type="text/javascript">
      //定义获取词语下标
      var a_idx = 0;
      jQuery(document).ready(function ($) {
        //点击body时触发事件
        $("body").click(function (e) {
          //需要显示的词语
          var a = new Array("富强", "民主", "文明", "和谐", "自由", "平等", "公正", "法治", "爱国", "敬业", "诚信", "友善");
          //设置词语给span标签
          var $i = $("<span/>").text(a[a_idx]);
          //下标等于原来下标+1  余 词语总数
          a_idx = (a_idx + 1) % a.length;
          //获取鼠标指针的位置，分别相对于文档的左和右边缘。
          //获取x和y的指针坐标
          var x = e.pageX, y = e.pageY;
          //在鼠标的指针的位置给$i定义的span标签添加css样式
          $i.css({
            "z-index": 999,
            "top": y - 20,
            "left": x,
            "position": "absolute",
            "font-weight": "bold",
            "color": rand_color()
          });
          // 随机颜色
          function rand_color() {
            return "rgb(" + ~~(255 * Math.random()) + "," + ~~(255 * Math.random()) + "," + ~~(255 * Math.random()) + ")"
          }
          //在body添加这个标签
          $("body").append($i);
          //animate() 方法执行 CSS 属性集的自定义动画。
          //该方法通过CSS样式将元素从一个状态改变为另一个状态。CSS属性值是逐渐改变的，这样就可以创建动画效果。
          //详情请看http://www.w3school.com.cn/jquery/effect_animate.asp
          $i.animate({
            //将原来的位置向上移动180
            "top": y - 180,
            "opacity": 0
            //1500动画的速度
          }, 1500, function () {
            //时间到了自动删除
            $i.remove();
          });
        });
      })
      ;
    </script>
  














<script src="/blog/live2dw/lib/L2Dwidget.min.js?094cbace49a39548bed64abff5988b05"></script><script>L2Dwidget.init({"pluginModelPath":"assets/","model":{"jsonPath":"/blog/live2dw/assets/tororo.model.json"},"display":{"position":"left","width":300,"height":300},"mobile":{"show":false},"log":false,"pluginJsPath":"lib/","pluginRootPath":"live2dw/","tagMode":false});</script></body>
</html>
